Mobile applications and e-commerce platforms are experiencing a significant surge in malicious bot activity, according to Radware's 2025 E-commerce Bot Threat Report. The findings reveal a dramatic shift in online traffic dynamics, with automated programs now accounting for more web activity than human users.

The report indicates that during the 2024 holiday season, approximately 57% of all traffic to online stores originated from bots, marking a substantial increase from prior years. Such automated traffic is noted to have increased by 160% on mobile platforms between the 2023 and 2024 holiday seasons. This rise is attributed to the sophistication of these bots, which employ advanced strategies to mimic genuine user behaviour effectively.

Ron Meyran, Vice President of Cyber Threat Intelligence at Radware, remarked, “Bad bots are no longer just based on simple scripts - they’re sophisticated, AI-enhanced agents capable of outsmarting traditional defenses.” He stressed that businesses relying on conventional security measures would find themselves increasingly vulnerable not just during peak shopping periods but throughout the year.

The research highlights the strategies employed by these malicious bots, with nearly 60% of them utilising behavioural tactics designed to evade detection. Many of these bots take advantage of rotating IP addresses and identities, employ CAPTCHA farms, and mimic human browsing patterns, complicating the identification process for traditional security systems.

The report also addresses the challenges posed by mobile-targeted bot activity, noting that attackers are utilising mobile emulators and headless browsers to replicate legitimate app behaviour. Furthermore, there has been a 32% uptick in attack traffic from residential proxy networks, further complicating the enforcement of traditional security measures such as rate-limiting and geo-fencing.

A concerning trend identified in the report is the rise of multi-vector campaigns that integrate bot activities with traditional exploits and API-targeted attacks. These campaigns go beyond merely scraping prices or testing stolen credentials; their more malicious objective is to take websites offline completely.

As online retailers and e-commerce providers navigate this evolving landscape, the report emphasises the urgent need for enhanced security protocols. To combat these sophisticated threats, businesses must upgrade their security frameworks to incorporate advanced DDoS protection and intelligent traffic monitoring systems. The report suggests that solutions adopting AI-powered detection capabilities are essential to counter the increasingly complex tactics employed by these bots.

In summary, the landscape of online commerce faces unprecedented challenges as malicious bot activity escalates and becomes more sophisticated. The report serves as a clarion call for businesses to reassess their security measures and adapt to the evolving threat landscape, ensuring their operations remain secure in an age dominated by automated traffic.

Source: Noah Wire Services